Logical Captcha instead of Image Captcha


#1

Grav supports Google ReCAPTCHA. However, our SEO specialist wants us to use logical or arithmetic Captcha, instead; he says it is considerably more user friendly. Also, WordPress supports arithmetic Captcha.

What is the best way to get this capability on the Grav Forms & Blueprints road map?


#2

Goodness, so much I want to say from your small request :slight_smile:

  • I looked into suggesting the Sweetcaptcha plugin because I thought it might do arithmetic tests, but it seems SweetCaptcha has now been taken over by malware distributors!
  • The Sweetcaptcha plugin shows that it’s quite simple to develop your own similar plugin using another service. I recommend building or adapting a plugin as a great way to get to know Grav.
  • There is also a honeypot form control. As currently implemented in Grav, I believe this has accessibility issues, but it may satisfy your SEO specialist if that is the most important thing. I have also found that many spammers get through this a fair bit.
  • I’ve had the most success with content filters as part of field validation (the validate.* field attributes). In my case, I reject forms with key fields containing links:
    validate:
        pattern: '^((?!https?:\/\/)(?:\R|.))*$'
        message: "Additional information field can't contain links"
  • Wordpress supports a lot of features in its core. Grav isn’t in direct “competition” with WP, but I appreciate you’ll be comparing their capabilities. My 2 cents is that WP has way too much in its core which is a big part of why it is so painfully slow. Because of its ubiquity, age, and continued popularity, it has a large pool of plugins, but the vast majority are complete rubbish.
  • You are very welcome to suggest core support for different CAPTCHA implementations on the ongoing Grav 2 Roadmap Github issue. I would support that, as I think the form control should support more than one implementation. Possibly you will be referred to post an issue on the forms plugin instead.
  • It sounds a little like you are blindly following your SEO specialist’s advice. If it was me, I would certainly be taking their advice on board but also supplementing my own and others’ opinions. Sounds like much more a UX issue than SEO. Your specialist may have heard this at the conference they went to last week. They’ll come from next month’s conference telling you the opposite. Sorry can’t help myself, I’m not enamoured to SEO peeps :stuck_out_tongue:

Hope that helps. Grav’s online chat community are generally very helpful if you want realtime support adapting a plugin or adapting your brain to Grav :wink: Good luck!


#3

@testlady Google has introduced reCAPTCHA v3 a few weeks ago, which might be of interest:

To quote their blog on this:

Today, we’re excited to introduce reCAPTCHA v3, our newest API that helps you detect abusive traffic on your website without user interaction.


#4

Thanks hughbris,

Just to clarify, we have been using Grav on two websites for more than a year, and we are thrilled with Grav, particularly compared to the previous CMS (Joomla). It seems to me that Grav should be way more popular and way more successful than it is, and some of these small limitations, if corrected, would really accelerate acceptance.

I am a technical business person; I hire software engineers to do development. What is disappointing to me is that there have not been more commercially oriented plugins and addons for Grav. Small and medium businesses really need forms to work well as that’s our major source of leads. (Big companies use device fingerprinting, so they know who you are without forms.) There are so many things wrong with the current forms solution – users filling out a form on a smartphone cannot see the Captcha images well enough to select the correct one(s), the form content data is leaked to unknown third parties, under certain conditions AdBlock sees the form as spam and removes it from the page, if you have multiple forms on your website, the thankyou notice continues to show the url from the first form, and on and on. So … I appreciate your suggestions about core support, but what would it take to fast track this and pay money for a high quality form that met the needs of small/med businesses? Also, like your field validation suggestion, that would eliminate a fair amount of spam. So maybe we should have a Grav forum for small and medium business owners who could prioritize requirements? And maybe chip in to fund development for the things we really need?


#5

Hi pamtbaau,

Thanks for the link. I read the info and watched the video, but I could not tell if they are supporting numeric captcha or not! But I will keep monitoring it.


#6

@testlady,

reCAPTCHA
Yes, you’re right Google’s reCAPTCHA does not support arithmetic challenges.

But why stick to a requirement of arithmetic challenges if the user does not need to be challenged at all? E.g. if the user’s validity can be deduced from other behavioural factors at forehand?

If only the most suspicious visits will need validation, I would prefer that above presenting every visitor an arithmetic challenge.

Have a look at this page about the different ways reCAPTCHA validates the visitor. The aim is not to challenge the visitor at all if not needed, and if needed, present the lowest intrusive challenge that reCAPTCHA provides.

Grav Forms
Grav Forms are not mandatory to use. I haven’t used Grav Forms myself for any form I use on my websites.

For me as a developer, it is quite simple to create a plugin presenting a custom form:

  • that uses the clients preferred layout and style,
  • with custom validation and error messages/hints using javascript
  • that handles the cleansing/validation of data submitted,
  • handles the business logic for the form (email, storage, …)
  • presents a custom summary or ‘Thank you’ message
  • using your own reCAPTCHA or alternative
  • …and just anything else you would like a form to look like or behave…

Simplicity and flexibility are just a few of Grav’s strengths…